An unsecured 16TB MongoDB database containing 4.3 billion professional records was discovered, posing a significant risk for large-scale AI-driven social engineering attacks. The database included LinkedIn-style data.

The FBI issued a warning about a new scam where criminals manipulate online photos to create fake "proof-of-life" images for virtual kidnapping scams. These involve criminals posing as kidnappers, demanding ransom, and using altered images.

A maximum severity vulnerability in Apache Tika, tracked as CVE-2025-66516 (CVSS score of 10.0), allows XML external entity attacks. The vulnerability lets attackers trigger an XXE injection in Apache Tika’s core, PDF, and parser modules.

The "Contagious Interview" campaign, linked to North Korean threat actors, has expanded with the addition of 197 new malicious npm packages. This campaign targets software developers in the crypto and Web3 sectors.

RomCom malware, linked to Russian military intelligence unit GRU Unit 29155, has been observed using the SocGholish fake browser update framework to deliver a Mythic C2 agent, targeting a U.S. civil engineering firm with ties to Ukraine.

Harvard University has disclosed a data breach targeting its Alumni Affairs and Development systems, caused by a vishing attack. It led to the unauthorized access of sensitive contact and biographical information of university affiliates.

A data breach has affected Italy’s national railway operator, Ferrovie dello Stato Italiane, following a successful cyberattack on its digital services provider, Almaviva. Threat actors claim to have exfiltrated 2.3 TB of highly sensitive info.

Google’s Mandiant researchers spotted threat actors exploiting a now-patched Triofox flaw, tracked as CVE-2025-12480 that allows them to bypass authentication to upload and run remote access tools via the platform’s antivirus feature.

SonicWall has confirmed that a September 2025 security breach involving its MySonicWall cloud backup service was the result of a sophisticated attack by a state-sponsored threat actor.

A coordinated international law enforcement operation has led to the arrest of nine individuals across Cyprus, Spain, and Germany for their involvement in laundering over €600 million through fraudulent cryptocurrency investment schemes.